git.proxmox.com Git - qemu.git/log
qemu.git
14 years ago Merge remote branch 'qemu-kvm/uq/stable-0.12' into stable-0.12 v0.12.3
Anthony Liguori [Tue, 23 Feb 2010 20:08:31 +0000 (14:08 -0600)]
Merge remote branch 'qemu-kvm/uq/stable-0.12' into stable-0.12

14 years ago Update version and change for 0.12.3 release
Anthony Liguori [Tue, 23 Feb 2010 20:01:00 +0000 (14:01 -0600)]
Update version and change for 0.12.3 release

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

14 years ago qcow2: Fix access after end of array
Kevin Wolf [Tue, 16 Feb 2010 14:54:49 +0000 (15:54 +0100)]
qcow2: Fix access after end of array

If a write request crosses an L2 table boundary and all clusters until the
end of the L2 table are usable for the request, we must not look at the next
L2 entry because we already have arrived at the end of the array.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 4805bb66969622f86376191c94c4748bce91e6be)

14 years ago ide save/restore pio/atapi cmd transfer fields and io buffer
Marcelo Tosatti [Thu, 11 Feb 2010 20:19:44 +0000 (18:19 -0200)]
ide save/restore pio/atapi cmd transfer fields and io buffer

Save/restore information necessary to continue in progress PIO/ATAPI CMD
transfers.

This includes the IO buffer.

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit ed487bb1d69040b9dac64a4fc076d8dd82b131d6)

14 years ago net: Monitor command set_link finds only VLAN clients, fix
Markus Armbruster [Thu, 11 Feb 2010 13:45:02 +0000 (14:45 +0100)]
net: Monitor command set_link finds only VLAN clients, fix

Clients not associated with a VLAN exist since commit d80b9fc6.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 2583ba97ef1de6040b7d0afd2b66737515de5423)

14 years ago net: info network shows only VLAN clients, fix
Markus Armbruster [Thu, 11 Feb 2010 13:45:01 +0000 (14:45 +0100)]
net: info network shows only VLAN clients, fix

Clients not associated with a VLAN exist since commit d80b9fc6.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit a0104e0ec7939781d79ca4b54ebedd5fd3360151)

14 years ago net: net_check_clients() checks only VLAN clients, fix
Markus Armbruster [Thu, 11 Feb 2010 13:45:00 +0000 (14:45 +0100)]
net: net_check_clients() checks only VLAN clients, fix

Clients not associated with a VLAN exist since commit d80b9fc6.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit efe32fdde15e5764cfbc68cb2d61737681b1e096)

14 years ago net: Fix bogus "Warning: vlan 0 with no nics" with -device
Markus Armbruster [Thu, 11 Feb 2010 13:44:59 +0000 (14:44 +0100)]
net: Fix bogus "Warning: vlan 0 with no nics" with -device

net_check_clients() prints this when a VLAN has host devices, but no
guest devices.  It uses VLANState members nb_guest_devs and
nb_host_devs to keep track of these devices.  However, -device does
not update nb_guest_devs, only net_init_nic() does that, for -net nic.

Check the VLAN clients directly, and remove the counters.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 62112d181ca33fea976100c4335dfc3e2f727e6c)

14 years ago net: net_check_clients() runs too early to see -device, fix
Markus Armbruster [Thu, 11 Feb 2010 13:44:58 +0000 (14:44 +0100)]
net: net_check_clients() runs too early to see -device, fix

Call it right after -device devices get created.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 668680f75feea79704c603b96126c0833e1ed9a9)

14 years ago net: Remove unused net_client_uninit()
Markus Armbruster [Thu, 11 Feb 2010 13:44:57 +0000 (14:44 +0100)]
net: Remove unused net_client_uninit()

Unused since commit 9ad4531e.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 7f76abe1c9d880050ba31ff827b3ff5cbc8175a7)

14 years ago don't dereference NULL after failed strdup
Jim Meyering [Mon, 8 Feb 2010 18:28:38 +0000 (19:28 +0100)]
don't dereference NULL after failed strdup

Most of these are obvious NULL-deref bug fixes, for example,
the ones in these files:

  block/curl.c
  net.c
  slirp/misc.c

and the first one in block/vvfat.c.
The others in block/vvfat.c may not lead to an immediate segfault, but I
traced the two schedule_rename(..., strdup(path)) uses, and a failed
strdup would appear to trigger this assertion in handle_renames_and_mkdirs:

    assert(commit->path);

The conversion to use qemu_strdup in envlist_to_environ is not technically
needed, but does avoid a theoretical leak in the caller when strdup fails
for one value, but later succeeds in allocating another buffer (plausible,
if one string length is much larger than the others).  The caller does
not know the length of the returned list, and as such can only free
pointers until it hits the first NULL.  If there are non-NULL pointers
beyond the first, their buffers would be leaked.  This one is admittedly
far-fetched.

The two in linux-user/main.c are worth fixing to ensure that an
OOM error is diagnosed up front, rather than letting it provoke some
harder-to-diagnose secondary error, in case of exec failure, or worse, in
case the exec succeeds but with an invalid list of command line options.
However, considering how unlikely it is to encounter a failed strdup early
in main, this isn't a big deal.  Note that adding the required uses of
qemu_strdup here and in envlist.c induces link failures because qemu_strdup
is not currently in any library they're linked with.  So for now, I've
omitted those changes, as well as the fixes in target-i386/helper.c
and target-sparc/helper.c.

If you'd like to see the above discussion (or anything else)
in the commit log, just let me know and I'll be happy to adjust.

From 9af42864fd1ea666bd25e2cecfdfae74c20aa8c7 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering@redhat.com>
Date: Mon, 8 Feb 2010 18:29:29 +0100
Subject: [PATCH] don't dereference NULL after failed strdup

Handle failing strdup by replacing each use with qemu_strdup,
so as not to dereference NULL or trigger a failing assertion.
* block/curl.c (curl_open): s/\bstrdup\b/qemu_strdup/
* block/vvfat.c (init_directories): Likewise.
(get_cluster_count_for_direntry, check_directory_consistency): Likewise.
* net.c (parse_host_src_port): Likewise.
* slirp/misc.c (fork_exec): Likewise.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 6265eb26a375179f193f792e4f0d49036d2cf052)

14 years ago virtio-net: fix network stall under load
Tom Lendacky [Mon, 8 Feb 2010 16:10:01 +0000 (10:10 -0600)]
virtio-net: fix network stall under load

Fix a race condition where qemu finds that there are not enough virtio
ring buffers available and the guest makes more buffers available before
qemu can enable notifications.

Signed-off-by: Tom Lendacky <toml@us.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 06b1297017415ae6a07a0e97ad7d8e90b2d95823)

14 years ago json: fix PRId64 on Win32
Roy Tam [Thu, 4 Feb 2010 02:30:30 +0000 (10:30 +0800)]
json: fix PRId64 on Win32

OK we are fooled by the json lexer and parser. As we use %I64d to
print 'long long' variables in Win32, but lexer and parser only deal
with %lld but not %I64d, this patch adds support for %I64d and solves
'info pci', 'powser_reset' and 'power_powerdown' assert failure in
Win32.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 2c0d4b36e7fe28c569c5436f7724735e35d3c493)

14 years ago fix inet_parse typo
Marcelo Tosatti [Tue, 9 Feb 2010 17:31:46 +0000 (15:31 -0200)]
fix inet_parse typo

qemu_opt_set wants on/off, not yes/no.

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 2198a62eb2518b61c3fc7db26515f106e7498932)

14 years ago iothread: fix vcpu stop with smp tcg
Marcelo Tosatti [Tue, 9 Feb 2010 14:49:04 +0000 (12:49 -0200)]
iothread: fix vcpu stop with smp tcg

Round robin vcpus in tcg_cpu_next even if the vm stopped. This
allows all cpus to enter stopped state.

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit c37cc7b072fa4ca8d8d21ac31d26baff5f47f9f9)

14 years ago segfault due to buffer overrun in usb-serial
David S. Ahern [Wed, 3 Feb 2010 16:00:54 +0000 (09:00 -0700)]
segfault due to buffer overrun in usb-serial

This fixes a segfault due to buffer overrun in the usb-serial device.
The memcpy was incrementing the start location by recv_used, yet the
computation of first_size (how much to write at the end of the buffer
before wrapping to the front) was not accounting for it. This causes the
next element after the receive buffer (recv_ptr) to get overwritten with
random data.

Signed-off-by: David Ahern <daahern@cisco.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 4ab4183d766f10f9fc35cd9ef4acee39f241986f)
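
The overrun described in the message above, modelled as an added example (not code from the commit or from QEMU): the copy plan is computed both ways and measured against the buffer end without performing the out-of-bounds write. The struct layout, `RECV_BUF` value and function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RECV_BUF 8   /* constructed size, small enough to trace by hand */

/* Hypothetical ring state: ptr = index of oldest unread byte, used = unread count. */
struct ring { uint8_t buf[RECV_BUF]; int ptr; int used; };

/* Where a write lands: first_size bytes at off, then wrap_size bytes at index 0. */
struct plan { int off; int first_size; int wrap_size; };

static int clamp_to_free(const struct ring *r, int size)
{
    int room = RECV_BUF - r->used;
    if (size < 0)
        size = 0;
    return size > room ? room : size;
}

/* Pattern from the commit message: the start is advanced by used,
 * but first_size is computed from ptr alone. */
struct plan plan_buggy(const struct ring *r, int size)
{
    struct plan p;
    size = clamp_to_free(r, size);
    p.off = r->ptr + r->used;
    p.first_size = RECV_BUF - r->ptr;
    if (p.first_size > size)
        p.first_size = size;
    p.wrap_size = size - p.first_size;
    return p;
}

/* Corrected: first_size is measured from the real start position. */
struct plan plan_fixed(const struct ring *r, int size)
{
    struct plan p;
    int start = r->ptr + r->used;
    size = clamp_to_free(r, size);
    if (start >= RECV_BUF) {          /* write position already wrapped */
        p.off = start - RECV_BUF;
        p.first_size = size;
        p.wrap_size = 0;
        return p;
    }
    p.off = start;
    p.first_size = RECV_BUF - start;
    if (p.first_size > size)
        p.first_size = size;
    p.wrap_size = size - p.first_size;
    return p;
}

/* Bytes the first chunk would write past the end of buf (0 = in bounds). */
int overrun_bytes(struct plan p)
{
    int end = p.off + p.first_size;
    return end > RECV_BUF ? end - RECV_BUF : 0;
}

/* Plan only, no copy, so the buggy variant is measured without corrupting memory. */
int demo_overrun(int ptr, int used, int size, int fixed)
{
    struct ring r = { {0}, ptr, used };
    return overrun_bytes(fixed ? plan_fixed(&r, size) : plan_buggy(&r, size));
}

/* Append with the corrected plan; returns the number of bytes accepted. */
int ring_write(struct ring *r, const uint8_t *src, int size)
{
    struct plan p = plan_fixed(r, size);
    memcpy(r->buf + p.off, src, (size_t)p.first_size);
    memcpy(r->buf, src + p.first_size, (size_t)p.wrap_size);
    r->used += p.first_size + p.wrap_size;
    return p.first_size + p.wrap_size;
}

/* Constructed case: 2 unread bytes at index 4, then a 4-byte write that must wrap. */
int demo_write_wraps(void)
{
    struct ring r = { {0}, 4, 2 };
    ring_write(&r, (const uint8_t *)"ABCD", 4);
    return r.buf[6] == 'A' && r.buf[7] == 'B' &&
           r.buf[0] == 'C' && r.buf[1] == 'D' && r.used == 6;
}

int main(void)
{
    printf("buggy overrun: %d bytes\n", demo_overrun(4, 2, 4, 0));
    printf("fixed overrun: %d bytes\n", demo_overrun(4, 2, 4, 1));
    printf("wrapped write ok: %d\n", demo_write_wraps());
    return 0;
}
```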

14 years ago qcow2: Fix signedness bugs
Kevin Wolf [Tue, 2 Feb 2010 14:20:57 +0000 (15:20 +0100)]
qcow2: Fix signedness bugs

Checking for return codes < 0 isn't really going to work with unsigned
types. Use signed types instead.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit f4f0d391b26afcce86df85566788be7170127116)

14 years ago Do not ignore error, if open file failed (-serial /dev/tty)
Evgeniy Dushistov [Thu, 28 Jan 2010 18:44:46 +0000 (21:44 +0300)]
Do not ignore error, if open file failed (-serial /dev/tty)

When qemu is executed with an option like
-serial /dev/ttyS0, report if there are problems with
opening of devices. At present, errors are silently ignored.

Signed-off-by: Evgeniy Dushistov <dushistov@mail.ru>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit afc535acb579a7808d9ff170088c839a29c61dc9)

14 years ago pc-bios: update to newer version of (stable) seabios
Anthony Liguori [Tue, 23 Feb 2010 19:40:43 +0000 (13:40 -0600)]
pc-bios: update to newer version of (stable) seabios

 - 9fb3f4d Fix PkgLength calculation for the SSDT.
 - 6d75be2 Go back to using 0xf0000000 for PCI memory start.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

14 years ago kvm: Fix eflags corruption in kvm mode
Jan Kiszka [Fri, 19 Feb 2010 17:21:20 +0000 (18:21 +0100)]
kvm: Fix eflags corruption in kvm mode

This should explain a lot of the weird breakages of upstream KVM we've
seen recently (actually we should have seen it much earlier):

Stop translating eflags into TCG format when in kvm mode as we never
translate it back and rather sync this broken state into the kernel.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>

14 years ago target-mips: fix ROTR and DROTR by zero
Aurelien Jarno [Tue, 23 Feb 2010 17:31:00 +0000 (18:31 +0100)]
target-mips: fix ROTR and DROTR by zero

Backported from HEAD (cc3f20fee2c9bea3793bf873c531ae6baf68df3a)

Signed-off-by: Nathan Froyd <froydnj@codesourcery.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>

14 years ago target-mips: fix CpU exception for coprocessor 0
Nathan Froyd [Sat, 20 Feb 2010 18:19:09 +0000 (10:19 -0800)]
target-mips: fix CpU exception for coprocessor 0

When we signal a CpU exception for coprocessor 0, we should indicate
that it's for coprocessor 0 instead of coprocessor 1.

Signed-off-by: Nathan Froyd <froydnj@codesourcery.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 13f160cebd0778113ba8d251aea297286b1666cb)

14 years ago kvm: Fix eflags corruption in kvm mode
Jan Kiszka [Fri, 19 Feb 2010 17:21:20 +0000 (18:21 +0100)]
kvm: Fix eflags corruption in kvm mode

This should explain a lot of the weird breakages of upstream KVM we've
seen recently (actually we should have seen it much earlier):

Stop translating eflags into TCG format when in kvm mode as we never
translate it back and rather sync this broken state into the kernel.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Avi Kivity <avi@redhat.com>

14 years ago tcg/mips: fix crash in tcg_out_qemu_ld()
Aurelien Jarno [Tue, 9 Feb 2010 21:54:22 +0000 (22:54 +0100)]
tcg/mips: fix crash in tcg_out_qemu_ld()

The address register is overridden when it corresponds to v0 and the fast
path is taken, which leads to a crash. Fix that by using the a0 register
instead.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit cca1af8c4d2ef6449fd61494ba2cb087b838011c)

14 years ago target-mips: don't call cpu_loop_exit() from helper.c
Aurelien Jarno [Sat, 6 Feb 2010 16:02:45 +0000 (17:02 +0100)]
target-mips: don't call cpu_loop_exit() from helper.c

In helper.c AREG0 may not correspond to env, so it's not possible to
call cpu_loop_exit() here. Call it from op_helper.c instead.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit c36bbb28ad62b4b1f494df0b199432d8c79876db)

14 years ago virtio-blk: Fix error cases which ignored rerror/werror
Kevin Wolf [Wed, 27 Jan 2010 12:12:36 +0000 (13:12 +0100)]
virtio-blk: Fix error cases which ignored rerror/werror

If an I/O request fails right away instead of getting an error only in the
callback, we still need to consider rerror/werror.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 6c510fbf601fd8c6891b2f1d7165ceb82308a16f)

14 years ago virtio-blk: Fix restart after read error
Kevin Wolf [Wed, 27 Jan 2010 12:12:35 +0000 (13:12 +0100)]
virtio-blk: Fix restart after read error

Current code assumes that only write requests are ever going to be restarted.
This is wrong since rerror=stop exists. Instead of directly starting writes,
use the same request processing as used for new requests.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit f1b5286803ee66f73034f1f5e0e1cf14f4415f94)

14 years ago virtio_blk: Factor virtio_blk_handle_request out
Kevin Wolf [Wed, 27 Jan 2010 12:12:34 +0000 (13:12 +0100)]
virtio_blk: Factor virtio_blk_handle_request out

We need a function that handles a single request. Create one by splitting out
code from virtio_blk_handle_output.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit bc6694d43a68baa864dba7742354a379a3347f33)

14 years ago cirrus: Properly re-register cirrus_linear_io_addr on vram unmap
Jan Kiszka [Fri, 29 Jan 2010 14:12:48 +0000 (15:12 +0100)]
cirrus: Properly re-register cirrus_linear_io_addr on vram unmap

This fixes CONFIG_FB_CIRRUS for Linux guests and probably much more:

When switching away from linearly mapped vram, we also have to restore
the I/O handlers for the LFB.

This regression was once introduced by commit 2bec46dc97.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 4516e45f82b7ee0cedce875477e785989a719b67)

14 years ago qcow2: Don't ignore qcow2_alloc_clusters return value
Kevin Wolf [Wed, 20 Jan 2010 14:04:01 +0000 (15:04 +0100)]
qcow2: Don't ignore qcow2_alloc_clusters return value

Now that qcow2_alloc_clusters can return error codes, we must handle them in
the callers of qcow2_alloc_clusters.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 5d757b563d59142ca81e1073a8e8396750a0ad1a)

14 years ago qcow2: Don't ignore update_refcount return value
Kevin Wolf [Wed, 20 Jan 2010 14:03:06 +0000 (15:03 +0100)]
qcow2: Don't ignore update_refcount return value

update_refcount can return errors that need to be handled by the callers.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit db3a964fb6d66bd50faca76968479bb62ed25330)

14 years ago qcow2: Allow updating no refcounts
Kevin Wolf [Wed, 20 Jan 2010 14:03:05 +0000 (15:03 +0100)]
qcow2: Allow updating no refcounts

There's absolutely no problem with updating the refcounts of 0 clusters.
At least snapshot code is doing this and would fail once the result of
update_refcount isn't ignored any more.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 7322afe7eaa7211285a38ccfb754a0a52911e394)

14 years ago qcow2: Improve error handling in update_refcount
Kevin Wolf [Wed, 20 Jan 2010 14:03:04 +0000 (15:03 +0100)]
qcow2: Improve error handling in update_refcount

If update_refcount fails, try to undo any changes made so far to avoid
inconsistencies in the image file.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 09508d13f3874d07bf25f8dd9f5303cbd8139d1b)

14 years ago qcow2: Fix error handling in grow_refcount_table
Kevin Wolf [Wed, 20 Jan 2010 14:03:03 +0000 (15:03 +0100)]
qcow2: Fix error handling in grow_refcount_table

Return the appropriate error code instead of -EIO.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit f2b7c8b37045e0e030ef027cfb6d574558fb732a)

14 years ago block: Return original error codes in bdrv_pread/write
Kevin Wolf [Wed, 20 Jan 2010 14:03:02 +0000 (15:03 +0100)]
block: Return original error codes in bdrv_pread/write

Don't assume -EIO but return the real error.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 9a8c4cceaf670193270995b95378faa3867db999)

14 years ago qcow2: Return 0/-errno in qcow2_alloc_cluster_offset
Kevin Wolf [Wed, 20 Jan 2010 14:03:01 +0000 (15:03 +0100)]
qcow2: Return 0/-errno in qcow2_alloc_cluster_offset

Returning 0/-errno allows it to distinguish different error classes. The
cluster offset of newly allocated clusters is now returned in the QCowL2Meta
struct.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 148da7ea9d66bad0d5b6512074fbedc4e2640e8f)

14 years ago qcow2: Return 0/-errno in get_cluster_table
Kevin Wolf [Wed, 20 Jan 2010 14:03:00 +0000 (15:03 +0100)]
qcow2: Return 0/-errno in get_cluster_table

Switching to 0/-errno allows it to distinguish different error cases.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 1e3e8f1a437cafa3b23486aea36be3c9c0bd4e28)

14 years ago qcow2: Fix error handling in qcow_save_vmstate
Kevin Wolf [Wed, 20 Jan 2010 14:02:59 +0000 (15:02 +0100)]
qcow2: Fix error handling in qcow_save_vmstate

Don't assume success but pass the bdrv_pwrite return value on.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 1d36e3aae338a71ba449f561b6343bb313f70968)

14 years ago qcow2: Fix error handling in qcow2_grow_l1_table
Kevin Wolf [Wed, 20 Jan 2010 14:02:58 +0000 (15:02 +0100)]
qcow2: Fix error handling in qcow2_grow_l1_table

Return the appropriate error value instead of always using EIO. Don't free the
L1 table on errors, we still need it.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit fb8fa77ce143b0911658b4bcbe641c869e26ceee)

14 years ago win32/sdl: Fix toggle full screen
Herve Poussineau [Sun, 24 Jan 2010 21:18:36 +0000 (21:18 +0000)]
win32/sdl: Fix toggle full screen

Toggle full screen on Win32/SDL 1.2.13 was broken by commit
c18a2c360e3100bbd71162cf922dcd8c429a8b71. Re-add the call to
do_sdl_resize() which was removed in this revision.

Signed-off-by: Herve Poussineau <hpoussin@reactos.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit a35aed57bf47584b5f55b71acf8daba19decf12a)

14 years ago win32: pair qemu_memalign() with qemu_vfree()
Herve Poussineau [Sun, 24 Jan 2010 21:23:56 +0000 (21:23 +0000)]
win32: pair qemu_memalign() with qemu_vfree()

Win32 suffers from a very big memory leak when dealing with SCSI devices.
Each read/write request allocates memory with qemu_memalign (i.e.
VirtualAlloc) but frees it with qemu_free (i.e. free).
Pair all qemu_memalign() calls with qemu_vfree() to prevent such leaks.

Signed-off-by: Herve Poussineau <hpoussin@reactos.org>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit f8a83245d9ec685bc6aa6173d6765fe03e20688f)

14 years ago vnc_refresh: calling vnc_update_client might free vs
Stefano Stabellini [Mon, 25 Jan 2010 12:54:57 +0000 (12:54 +0000)]
vnc_refresh: calling vnc_update_client might free vs

Hi all,
this patch fixes another bug in vnc_refresh: calling vnc_update_client
might cause vs to be free()ed, in this case we cannot access vs->next
right after to examine the next item on the list.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 6185c5783c50ab5bb4bcdc317772848278cb9bc1)
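
The list-walk hazard described in the message above, as an added example (not code from the commit or from QEMU): a per-item callback that may free the current node, with the unsafe loop shown beside a walk that reads the next pointer first. The `struct client` layout and all function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical client record; names are illustrative, not QEMU's. */
struct client {
    int id;
    int disconnected;          /* peer has gone away */
    struct client *next;
};

static struct client *head;    /* constructed client list */
static int freed_count;

static void add_client(int id, int disconnected)
{
    struct client *c = malloc(sizeof(*c));
    if (c == NULL)
        abort();               /* fail loudly instead of dereferencing NULL */
    c->id = id;
    c->disconnected = disconnected;
    c->next = head;
    head = c;
}

static void unlink_and_free(struct client *c)
{
    struct client **pp = &head;
    while (*pp != NULL && *pp != c)
        pp = &(*pp)->next;
    if (*pp != NULL)
        *pp = c->next;
    free(c);
    freed_count++;
}

/* Stand-in for the per-client update: may free c. Returns 1 if an update was sent. */
static int update_client(struct client *c)
{
    if (c->disconnected) {
        unlink_and_free(c);
        return 0;
    }
    return 1;
}

/* Pattern described in the message: the loop step reads c->next after
 * update_client() may have freed c. Kept for comparison, never called. */
int refresh_unsafe(void)
{
    int sent = 0;
    for (struct client *c = head; c != NULL; c = c->next)
        sent += update_client(c);
    return sent;
}

/* Corrected walk: read next before the call that can free the node.
 * This holds only while the callee frees nothing but the current node. */
int refresh_safe(void)
{
    int sent = 0;
    struct client *c = head, *next;
    while (c != NULL) {
        next = c->next;
        sent += update_client(c);   /* c must not be touched after this */
        c = next;
    }
    return sent;
}

int list_length(void)
{
    int n = 0;
    for (struct client *c = head; c != NULL; c = c->next)
        n++;
    return n;
}

/* Constructed scenario: three clients, the middle one disconnected. */
int run_scenario(void)
{
    while (head != NULL)
        unlink_and_free(head);
    freed_count = 0;
    add_client(3, 0);
    add_client(2, 1);
    add_client(1, 0);
    return refresh_safe();
}

int main(void)
{
    int sent = run_scenario();
    printf("updates sent: %d, clients left: %d, freed: %d\n",
           sent, list_length(), freed_count);
    return 0;
}
```

Building the unsafe variant into a test binary with AddressSanitizer enabled is a practical way to confirm this class of bug during review.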

14 years ago Musicpal: Fix descriptor walk in eth_send
Jan Kiszka [Sun, 24 Jan 2010 08:51:49 +0000 (09:51 +0100)]
Musicpal: Fix descriptor walk in eth_send

Commit 930c86820e introduced a regression to eth_send: eth_tx_desc_put
manipulates the host's tx descriptor copy before writing it back, but
two lines down the descriptor is evaluated again, leaving us with an
invalid next address if host and guest endianness differ. So this was
the actual issue commit 2e87c5b937 tried to paper over.

Signed-off-by: Jan Kiszka <jan.kiszka@web.de>
Signed-off-by: malc <av1474@comtv.ru>
(cherry picked from commit 07b064e9de65a26a4cb36dfb37c7506ef17407fd)

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

14 years ago Musicpal: Fix wm8750 I2C address
Jan Kiszka [Sat, 23 Jan 2010 17:51:22 +0000 (18:51 +0100)]
Musicpal: Fix wm8750 I2C address

Commit b3a219883e uncovered that we attached the Wolfson with an I2C
address shifted left by one. Fixing this makes sound work again for
the Musicpal.

Signed-off-by: Jan Kiszka <jan.kiszka@web.de>
Signed-off-by: malc <av1474@comtv.ru>
(cherry picked from commit 642582296479eabded45f262acbfea5121d2fbf8)

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

14 years ago fix savevm command without id or tag
Marcelo Tosatti [Wed, 20 Jan 2010 16:26:34 +0000 (14:26 -0200)]
fix savevm command without id or tag

savevm without id or tag segfaults in:

(gdb) bt
#0  0x00007f600a83bf8a in __strcmp_sse42 () from /lib64/libc.so.6
#1  0x00000000004745b6 in bdrv_snapshot_find (bs=<value optimized out>,
    sn_info=0x7fff996be280, name=0x0) at savevm.c:1631
#2  0x0000000000475c80 in del_existing_snapshots (name=<value optimized out>,
    mon=<value optimized out>) at savevm.c:1654
#3  do_savevm (name=<value optimized out>, mon=<value optimized out>)

Signed-off-by: Marcelo Tosatti <mtosatti@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit f139a4125682ecd45d96c2d1523443d1be65405c)

14 years ago reduce number of reinjects on ACK
Gleb Natapov [Wed, 20 Jan 2010 13:37:33 +0000 (15:37 +0200)]
reduce number of reinjects on ACK

Windows 7 BSODs under load with HAL_RTC_IRQF_WILL_NOT_CLEAR error.

It happens here:
hal!HalpRtcUnmaskClock:
8281b93a 8bff            mov     edi,edi
8281b93c 56              push    esi
8281b93d 33f6            xor     esi,esi
8281b93f 6a0c            push    0Ch
8281b941 e8b2ffffff      call    hal!CMOS_READ (8281b8f8)
8281b946 84c0            test    al,al
8281b948 7920            jns     hal!HalpRtcUnmaskClock+0x30 (8281b96a)
8281b94a 6a0a            push    0Ah
8281b94c 46              inc     esi
8281b94d e854c8ffff      call    hal!KeStallExecutionProcessor (828181a6)
8281b952 83fe64          cmp     esi,64h
8281b955 72e8            jb      hal!HalpRtcUnmaskClock+0x5 (8281b93f)
8281b957 6a00            push    0
8281b959 6a00            push    0
8281b95b 6a00            push    0
8281b95d 680a010000      push    10Ah
8281b962 6a5c            push    5Ch
8281b964 ff1500c38082    call    dword ptr [hal!_imp__KeBugCheckEx (8280c300)]
8281b96a 5e              pop     esi
8281b96b c3              ret

So it loops for 100 (64h) times reading register C before BSOD. Let's
reduce the number of immediate reinjections well under this limit.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit dd17765b5f77ca02b4aeaf9e42de8dd7513a0611)

14 years ago QMP: Fix asynchronous events delivery
Luiz Capitulino [Wed, 20 Jan 2010 12:37:59 +0000 (10:37 -0200)]
QMP: Fix asynchronous events delivery

Commit f039a563f200beee80cc10fd70b21ea396979dab introduces
a regression as monitor_protocol_event() will return in
the first user Monitor it finds in the QLIST_FOREACH()
loop.

The right thing to do is to only deliver an asynchronous
event if the 'mon' is a QMP Monitor.

The aforementioned commit was an early version, if it was
applied to stable (it should) this one has to be applied
there too.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 23fabed13645fdf66473e458f318baa63be56b22)

14 years ago Documentation: Add missing documentation for qdev related command line options
Stefan Weil [Sat, 16 Jan 2010 17:19:44 +0000 (18:19 +0100)]
Documentation: Add missing documentation for qdev related command line options

The command line options -device, -nodefaults, -readconfig,
-writeconfig had entries for command line help, but
documentation for texi and derived formats (man, html, info)
was missing.

This also required moving "@end table" to the end of
qemu-options.hx again.

Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 3dbf2c7fc5682827be6fa436362fb5db221bd210)

14 years ago pc: add driver version compat properties
Gerd Hoffmann [Thu, 14 Jan 2010 13:44:14 +0000 (14:44 +0100)]
pc: add driver version compat properties

This patch adds compat property entries for ide-disk.ver and
scsi-disk.ver to pc-0.10 and pc-0.11.  With this patch applied
the scsi and ide disks report "0.10" and "0.11" as version when
you start qemu with "-M pc-0.10" or "-M pc-0.11".

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 374ef70452452fb729c45dcf1a73a1bd1396cfda)

14 years ago scsi: device version property
Gerd Hoffmann [Thu, 14 Jan 2010 13:44:13 +0000 (14:44 +0100)]
scsi: device version property

This patch adds a new property named 'ver' to scsi-disk which allows to
specify the version which the virtual disk/cdrom should report to the
guest.  By default this is the qemu version (i.e. 0.12).  usage:

  -drive if=none,id=disk,file=...
  -device lsi
  -device scsi-disk,drive=disk,bus=scsi.0,unit=0,ver=42

You can also switch the version for all scsi drives using:

  -global scsi-disk.ver=42

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 383b4d9b79e3a71b1d5cadd34989b1c0e2a05832)

14 years ago ide: device version property
Gerd Hoffmann [Thu, 14 Jan 2010 13:44:12 +0000 (14:44 +0100)]
ide: device version property

This patch adds a new property named 'ver' to ide-drive which allows to
specify the version which the virtual disk/cdrom should report to the
guest.  By default this is the qemu version (i.e. 0.12).  usage:

  -drive if=none,id=disk,file=...
  -device ide-drive,bus=ide.0,unit=0,drive=disk,ver=42

You can also switch the version for all ide drives using:

  -global ide-drive.ver=42

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 47c063403065793ad6e1d2fdde27d69a00880752)

14 years ago QMP: Emit asynchronous events on all QMP monitors
Adam Litke [Fri, 15 Jan 2010 14:34:02 +0000 (08:34 -0600)]
QMP: Emit asynchronous events on all QMP monitors

When using a control/QMP monitor in tandem with a regular monitor, asynchronous
messages can get lost depending on the order of the QEMU program arguments.
QEMU events issued by monitor_protocol_event() always go to cur_mon.  If the
user monitor was specified on the command line first (or it has ,default), the
message will be directed to the user monitor (not the QMP monitor).
Additionally, only one QMP session is currently able to receive async messages.

To avoid this confusion, scan through the list of monitors and emit the message
on each QMP monitor.

Signed-off-by: Adam Litke <agl@us.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit f039a563f200beee80cc10fd70b21ea396979dab)

14 years ago Fix QEMU_WARN_UNUSED_RESULT
Kevin Wolf [Fri, 15 Jan 2010 11:56:41 +0000 (12:56 +0100)]
Fix QEMU_WARN_UNUSED_RESULT

Since commit 747bbdf7 QEMU_WARN_UNUSED_RESULT is never defined as it is
conditional on a define from config-host.h which is included only later.
Include that file earlier to get the warnings back.

Reactivating it unfortunately leads to some warnings about unused qdev_init
results. These calls are changed to qdev_init_nofail to avoid build failures.

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit beb6f0de7aa19ce62fdd21a876b8c171ac7fde2e)

14 years ago Update version and changelog for release v0.12.2
Anthony Liguori [Wed, 13 Jan 2010 23:49:55 +0000 (17:49 -0600)]
Update version and changelog for release

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>

14 years ago Update SeaBIOS to 0.5.1
Anthony Liguori [Wed, 13 Jan 2010 23:58:50 +0000 (17:58 -0600)]
Update SeaBIOS to 0.5.1

 - 5da6833 Update version to 0.5.1
 - 669c991 Fix sign error preventing incorrect memory over 4gig calculation.
 - 7e6bd3e Minor - better indent assembler in int1587.
 - 48cf232 Add comment explaining why mptable is in low memory.
 - 643062f Add int1589 support.
 - 085debd Set FDPT in irq table even for small drives.
 - 7c1b186 Reduce #ifs by weeding out some cross-chunk function definitions.
 - f9b25d3 Fix vgahook sign issue; add warning to build to catch future cases.
 - 3862b2d vgabios: Fix compile error due to fixed prototypes.
 - 1ca05b0 Be sure to add "void" to all function prototypes that take no args.
 - b5bb9db mptable: Reset pinmask on new bus or device.
 - 8918989 Detect latest FC12 gcc -combine breakage.
 - c9d3c2d Minor vga binary cleanups.
 - 9a8609f Make MTRR region 0xc0000-0x100000 be cached.
 - fdca418 Force a link error if a function is used from the wrong code chunk.
 - dad41d9 Add __noreturn define for __attribute__((noreturn)).
 - c003148 Implement native 32bit APM support.
 - 5c99b6c Commit compiled dsdt file; misc comment updates.
 - 29f4b91 prevent acpi from rerouting SCI interrupt
 - 4c94b7e enumerate all PCI buses in mptable
 - 871e0a0 Add support for 32bit PCI BIOS entry.
 - eda2c83 Only add "addr32" to memory accesses that require them.
 - 52a300f Introduce MODESEGMENT define; rename VISIBLE32 to VISIBLE32FLAT.
 - fe2c3ee Allocate smbios in temp space and copy into final location.
 - b164d2c Clear user reserved interrupts (0x60-0x66).
 - d9104ff Remove pci_bios_bigmem_addr; set pci_bios_mem_addr=0xe0000000
 - 14021f2 Add initial support for ATA DMA.
 - 8362699 Allocate mptable in temp space and copy into final location.
 - 979862e Also report memory over 4G during init.
 - 928d4df provide correct pci routing information in mptable
 - afc02da Add symbolic definitions for MTRR code.
 - fb214dc Fix yield() so it works from boot code.
 - 2ceeec9 Fix potential build failure due to text16 section being too large.
 - a2195e4 Increase version in preparation for next release.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
14 years agoQemu's internal TFTP server breaks lock-step-iness of TFTP
Milan Plzik [Thu, 7 Jan 2010 12:39:43 +0000 (13:39 +0100)]
Qemu's internal TFTP server breaks lock-step-iness of TFTP

According to RFC 1350 and RFC 2347, TFTP server should answer RRQ by
either OACK or DATA packet. Qemu's internal TFTP server answers RRQ with
additional options by sending both OACK and DATA packet, thus breaking
the "lock-step" feature of the protocol, and also confuses client.

  Proposed solution would be to, in case of OACK packet, wait for ACK
from client and just then start sending data. Attached patch implements
this.

Signed-off-by: Thomas Horsten <thomas@horsten.com>
Signed-off-by: Milan Plzik <milan.plzik@gmail.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 1cb1a66aed921060fa34d161b52e95d05de18ec1)

14 years agoosdep.c: Fix accept4 fallback
Kevin Wolf [Wed, 13 Jan 2010 15:20:56 +0000 (16:20 +0100)]
osdep.c: Fix accept4 fallback

Commit 3a03bfa5 added a fallback in case the Linux kernel running qemu is older
than the kernel of the build system. Unfortunately, v1 was committed instead of
v2, so the code has a bug that was revealed in the review (checking for the
wrong error code).

Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 347ed55cd109864b02dd29bb7e6cda1622e8019e)

14 years agopc: add rombar to compat properties for pc-0.10 and pc-0.11
Gerd Hoffmann [Fri, 8 Jan 2010 14:25:42 +0000 (15:25 +0100)]
pc: add rombar to compat properties for pc-0.10 and pc-0.11

So '-M pc-0.10' and '-M pc-0.11' will use the fw_cfg rom load method
by default.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 20a86364c9e421c4f9ce457251fa8df031cd5078)

14 years agopci: allow loading roms via fw_cfg.
Gerd Hoffmann [Fri, 8 Jan 2010 14:25:41 +0000 (15:25 +0100)]
pci: allow loading roms via fw_cfg.

This patch adds a pci bus property 'rombar' which specifies whether
the pci rom should be loaded via pci rom bar (default) or via fw_cfg.
The latter can be used for compatibility with older qemu versions where
no pci rom bar is present.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 88169ddf82853ca892ce7bee279579c8a0ac03e5)

14 years agoroms: rework rom loading via fw
Gerd Hoffmann [Fri, 8 Jan 2010 14:25:40 +0000 (15:25 +0100)]
roms: rework rom loading via fw

This patch changes the way rom loading via fw_cfg is handled.
Instead of having pc_init1() call a function which passed all
roms to the firmware config we simply pass a pointer to fw_cfg
to the rom loader.

Advantage: loading roms via firmware works also for devices which
are initialized after pc_init1(), i.e. everything added via -device.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 8832cb805dcb65009b979cd8e17d75ac4b03c7e4)

14 years agofw_cfg: rom loader tweaks.
Gerd Hoffmann [Fri, 8 Jan 2010 14:25:39 +0000 (15:25 +0100)]
fw_cfg: rom loader tweaks.

Changes:
 - make dir argument mandatory, we always have one anyway
   (vgaroms or genroms).
 - check for duplicates, skip loading if found.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit de9352bcaed2452af1d2b06b829748676c691794)

14 years agoroms: minor fixes and cleanups.
Gerd Hoffmann [Fri, 8 Jan 2010 14:25:38 +0000 (15:25 +0100)]
roms: minor fixes and cleanups.

Changes:
  - Drop extra file argument from rom_add_file().
  - Drop fw_dir check in do_info_roms, we always have a dir name.
  - code style fixes.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit bdb5ee3064d5ae786b0bcb6cf6ff4e3554a72990)

14 years agopc: add machine type for 0.12
Gerd Hoffmann [Fri, 8 Jan 2010 14:25:37 +0000 (15:25 +0100)]
pc: add machine type for 0.12

Add a new machine type for qemu 0.12.

Also fixup the 0.11 machine type: msi for virtio-blk-pci was enabled
after the 0.11 release, so turn it off in the 0.11 machine type.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 2cae6f5e34d85fe44ec2329a7fbc22dc8cfb079f)

14 years agoloader: more ignores for rom intended to be loaded by the bios
Aurelien Jarno [Thu, 24 Dec 2009 18:30:25 +0000 (19:30 +0100)]
loader: more ignores for rom intended to be loaded by the bios

Similarly to what has been done in e405a2ba91b68817cae2a428de55fe9616a4cf37,
ignore rom intended to be loaded by the bios in find_rom() and rom_copy().

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit f21a59c224a6fdf7b30c3fe551fd93043e537f6c)

14 years agovnc_refresh: return if vd->timer is NULL
Stefano Stabellini [Mon, 11 Jan 2010 17:30:50 +0000 (17:30 +0000)]
vnc_refresh: return if vd->timer is NULL

Hi all,
calling vnc_update_client in vnc_refresh might have the unlikely side
effect of setting vd->timer = NULL, if the last vnc client disconnected.
In this case we have to return from vnc_refresh without updating the
timer, otherwise we cause a segfault.

Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 83755c173f4608764e3ee92428247d1c5e962e6a)

14 years agoQMP: Don't free async event's 'data'
Luiz Capitulino [Fri, 8 Jan 2010 18:45:53 +0000 (16:45 -0200)]
QMP: Don't free async event's 'data'

The monitor_protocol_event() function will free the
event's data, this is wrong as 'data' management is up
to the caller.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 3d72f9a2be640f368229d579e80ce4ef2a823e49)

14 years agoHandle TFTP ERROR from client
Thomas Horsten [Thu, 7 Jan 2010 17:01:28 +0000 (17:01 +0000)]
Handle TFTP ERROR from client

If a PXE client only wants to find out the size of a file, it will
open the file and then abort the transfer by sending a TFTP ERROR packet.

The ERROR packet should cause qemu to terminate the session. If not,
the sessions will soon run out and cause timeouts in the client.

Also, if a TFTP session already exists with same IP/UDP port, it
should be terminated when a new RRQ is received, instead of creating a
duplicate (which will never be used).

A patch for gPXE to send the ERROR packet is also being submitted to
gPXE. Together they resolve slowness/hanging when booting pxegrub from
qemu's internal TFTP server. The patch from Milan Plzik to return
after sending OACK is also required for a complete fix.

Signed-off-by: Thomas Horsten <thomas@horsten.com>
Signed-off-by: Milan Plzik <milan.plzik@gmail.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit bfe4e172421d711d1d5b049f90be0961451c8259)
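
Added example (not part of these commits and not qemu's own TFTP code): a small model of the server behaviour that the two TFTP commits on this page describe. An RRQ with options gets OACK only and DATA waits for the client's ACK, a client ERROR frees the session, and a repeated RRQ from the same IP/port replaces the old session. The session table, MAX_SESSIONS and all function names are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Opcodes from RFC 1350 and RFC 2347; REPLY_NONE means "send nothing". */
enum { REPLY_NONE = 0, TFTP_RRQ = 1, TFTP_DATA = 3, TFTP_ACK = 4,
       TFTP_ERROR = 5, TFTP_OACK = 6 };

#define MAX_SESSIONS 3        /* constructed limit, small on purpose */

struct session {
    int      in_use;
    uint32_t ip;
    uint16_t port;
    uint16_t last_sent;       /* 0 after OACK, n after DATA block n */
};

static struct session sessions[MAX_SESSIONS];

static struct session *find_session(uint32_t ip, uint16_t port)
{
    for (int i = 0; i < MAX_SESSIONS; i++)
        if (sessions[i].in_use && sessions[i].ip == ip && sessions[i].port == port)
            return &sessions[i];
    return NULL;
}

static struct session *alloc_session(uint32_t ip, uint16_t port)
{
    for (int i = 0; i < MAX_SESSIONS; i++)
        if (!sessions[i].in_use) {
            sessions[i] = (struct session){ 1, ip, port, 0 };
            return &sessions[i];
        }
    return NULL;              /* table full: this client would time out */
}

int sessions_in_use(void)
{
    int n = 0;
    for (int i = 0; i < MAX_SESSIONS; i++)
        n += sessions[i].in_use;
    return n;
}

/* Handle one client packet; return the opcode of the single reply or
 * REPLY_NONE. File contents and end-of-file are not modelled. */
int tftp_input(uint32_t ip, uint16_t port, int opcode, uint16_t block,
               int has_options)
{
    struct session *s = find_session(ip, port);

    switch (opcode) {
    case TFTP_RRQ:
        if (s)
            s->in_use = 0;    /* same IP/port: end the old session, no duplicate */
        s = alloc_session(ip, port);
        if (!s)
            break;
        if (has_options)
            return TFTP_OACK; /* stop here; DATA block 1 waits for ACK 0 */
        s->last_sent = 1;
        return TFTP_DATA;
    case TFTP_ACK:
        if (!s || block != s->last_sent)
            break;            /* stray or repeated ACK: stay in lock-step */
        s->last_sent++;
        return TFTP_DATA;
    case TFTP_ERROR:
        if (s)
            s->in_use = 0;    /* client aborted, e.g. after a size probe */
        break;
    }
    return REPLY_NONE;
}
```

With the ERROR case removed, three size probes from different ports would fill the constructed table and every later RRQ would go unanswered, which is the timeout the commit message describes.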

14 years agodmg: fix ->open failure
Christoph Hellwig [Mon, 11 Jan 2010 13:06:54 +0000 (14:06 +0100)]
dmg: fix ->open failure

Currently the dmg image format driver simply opens the images as raw
if any kind of failure happens.  This is contrary to the behaviour
of all other image formats which just return an error and let the
block core deal with it.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 1559ca00bc90ce6917c2798ed81098e4be67f58e)

14 years agovirtio-pci: thinko fix
Michael S. Tsirkin [Mon, 11 Jan 2010 15:57:41 +0000 (17:57 +0200)]
virtio-pci: thinko fix

Since patch ed757e140c0ada220f213036e4497315d24ca8bct, virtio will
sometimes clear all status registers on bus master disable, which loses
information such as VIRTIO_CONFIG_S_FAILED bit.  This is a result of
a patch being misapplied: code uses !  instead of ~ for bit
operations as in Yan's original patch.  This obviously does not make
sense.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 49e75cf38848e6da70c0e9ddb4d994e9d71a9625)

14 years agopc-bios: Update README (SeaBIOS)
Stefan Weil [Thu, 7 Jan 2010 18:27:49 +0000 (19:27 +0100)]
pc-bios: Update README (SeaBIOS)

The PC BIOS no longer comes from Bochs.
This patch updates the related entry.

V2 - Modify SeaBIOS description and URL
     (Thanks to Gleb Natapov for the hint).

Signed-off-by: Stefan Weil <weil@mail.berlios.de>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit c0ced0f3a76c9f3ad680141f751dd1a20c91bbbf)

14 years agovmware_vga: Check cursor dimensions passed from guest to avoid buffer overflow
Roland Dreier [Wed, 6 Jan 2010 04:43:34 +0000 (20:43 -0800)]
vmware_vga: Check cursor dimensions passed from guest to avoid buffer overflow

Check that the cursor dimensions passed from the guest for the
DEFINE_CURSOR command don't overflow the available space in the
cursor.image[] or cursor.mask[] arrays before copying data from the
guest into those arrays.

Signed-off-by: Roland Dreier <rolandd@cisco.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit f2d928d44ebc918750c94f3605c1417f1f653ec9)
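
Added example (not the code from this commit and not QEMU's vmware_vga.c): one way to validate guest-supplied cursor dimensions before copying into fixed-size mask and image arrays, as the commit message describes. The array capacities, MAX_DIM, MAX_BPP, the source buffer layout and the function names are assumptions chosen for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed capacities for this example; not taken from QEMU. */
#define MASK_WORDS  128
#define IMAGE_WORDS 1024
#define MAX_DIM     256
#define MAX_BPP     32

struct cursor {
    uint32_t width, height, bpp;
    uint32_t mask[MASK_WORDS];    /* 1 bit per pixel, rows padded to 32 bits */
    uint32_t image[IMAGE_WORDS];  /* bpp bits per pixel, rows padded to 32 bits */
};

/* 32-bit words needed for `height` rows of `bits_per_row` bits each. */
static size_t words_for(uint32_t bits_per_row, uint32_t height)
{
    return ((size_t)bits_per_row + 31) / 32 * height;
}

/*
 * Validate the guest-supplied dimensions, then copy mask and image words.
 * `src` holds the mask words followed by the image words, `src_words` in
 * total. Returns 0 on success, -1 if the command must be rejected; the
 * cursor is left untouched on rejection.
 */
int define_cursor(struct cursor *c, uint32_t width, uint32_t height,
                  uint32_t bpp, const uint32_t *src, size_t src_words)
{
    /* Bound every field first so the products below cannot wrap. */
    if (width == 0 || height == 0 || bpp == 0 ||
        width > MAX_DIM || height > MAX_DIM || bpp > MAX_BPP)
        return -1;

    size_t mask_words  = words_for(width, height);
    size_t image_words = words_for(width * bpp, height);

    /* Destination check: the copy must fit in mask[] and image[]. */
    if (mask_words > MASK_WORDS || image_words > IMAGE_WORDS)
        return -1;

    /* Source check: the guest must actually have supplied that much data. */
    if (src_words < mask_words + image_words)
        return -1;

    c->width = width;
    c->height = height;
    c->bpp = bpp;
    memcpy(c->mask, src, mask_words * sizeof(uint32_t));
    memcpy(c->image, src + mask_words, image_words * sizeof(uint32_t));
    return 0;
}
```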

14 years agoremove pending exception on vcpu reset.
Gleb Natapov [Wed, 6 Jan 2010 14:30:10 +0000 (16:30 +0200)]
remove pending exception on vcpu reset.

Without this qemu can even start on kvm modules with events support
since default value of exception_injected is zero and this is #DE
exception.

Signed-off-by: Gleb Natapov <gleb@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit e73223a5849d9e695b5f3b5a4a2a812e68e3735d)

14 years agoFix CPU topology initialization
Jiri Denemark [Tue, 5 Jan 2010 16:26:34 +0000 (17:26 +0100)]
Fix CPU topology initialization

Late initialization of CPU topology in CPUState prevents KVM guests from
actually seeing the topology.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 3f7638ec4093100a63b18cbacd45dcd847f7c06b)

14 years agoMCE: Fix bug of IA32_MCG_STATUS after system reset
Huang Ying [Tue, 5 Jan 2010 08:32:24 +0000 (16:32 +0800)]
MCE: Fix bug of IA32_MCG_STATUS after system reset

Now, if we inject a fatal MCE into a guest OS, for example Linux, Linux
will panic and then reboot. But if we inject another MCE now, the
system will reset directly instead of panicking first, because
MCG_STATUS.MCIP is set to 1 and not cleared after reboot. This does
not follow the behavior of real hardware.

This patch fixes this by setting env->mcg_status to 0 during system reset.

Signed-off-by: Huang Ying <ying.huang@intel.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit af364b418cc57c53275c76ee5e0e0645908605b9)

14 years agolinuxboot: fix gdt address calculation
Avi Kivity [Thu, 24 Dec 2009 13:38:50 +0000 (15:38 +0200)]
linuxboot: fix gdt address calculation

The gdt address calculation in linuxboot.bin is broken in two ways: first
it loads %cs into %eax, but that instruction leaves the high bits of %eax
undefined and we did not clear them.  Secondly, we completely ignore the
incorrect %eax, and use the undefined %ebx instead.

With these issues fixed, linuxboot works again.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit d0652aa8ac8d82e077acf8e781557f4c4367dcf5)

14 years agoQMP: Drop wrong assert()
Luiz Capitulino [Tue, 22 Dec 2009 03:09:06 +0000 (01:09 -0200)]
QMP: Drop wrong assert()

Some commands return a QList of QDicts, which is valid,
but will trigger the assert().

Just drop it.

Reported-by: Nathan Baum <nathan@parenthephobia.org.uk>
Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 810f49b56a5d0cd6848856af51d3093ae9adc7b1)

14 years agovnc: Fix artifacts in hextile decoding
Anthony Liguori [Thu, 7 Jan 2010 13:55:34 +0000 (07:55 -0600)]
vnc: Fix artifacts in hextile decoding

02c2b87 introduced a regression where the foreground color in a hextile
update was not being properly invalidated leading to artifacts.

It's still necessary to explicitly invalidate the foreground color with a
SubrectColoured tile even though we no longer send a foreground color as
part of the tile.

Reported-by: Mark Cave-Ayland <mark.cave-ayland@siriusit.co.uk>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 18cb1d85578e03b16570d9380309cca673f9fff8)

14 years agoMerge remote branch 'mst/stable-0.12' into stable-0.12
Anthony Liguori [Wed, 6 Jan 2010 15:17:53 +0000 (09:17 -0600)]
Merge remote branch 'mst/stable-0.12' into stable-0.12

14 years agotarget-i386: Fix "call im" on x86_64 when executing 32-bit code
Aurelien Jarno [Sun, 3 Jan 2010 02:08:19 +0000 (03:08 +0100)]
target-i386: Fix "call im" on x86_64 when executing 32-bit code

Similarly to what is done in 32938e127f50a40844a0fb9c5abb8691aeeccf7e
for "jmp im", trunc the immediate to 32-bit when not running in 64-bit
mode.

Reported-by: Kevin O'Connor <kevin@koconnor.net>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
14 years agoAdd missing newline at the end of options list
Michael Tokarev [Thu, 24 Dec 2009 09:15:47 +0000 (12:15 +0300)]
Add missing newline at the end of options list

In qemu-kvm this place looks even more "interesting":

 -runas user     Change to user id user just before starting the VM.
 -readconfig <file>
 -writeconfig <file>
                read/write config file-no-kvm         disable KVM hardware virtualization
 -no-kvm-irqchip disable KVM kernel mode PIC/IOAPIC/LAPIC
 -no-kvm-pit     disable KVM kernel mode PIT

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 19e65b47f60c68d7e8c96aa0a36223c5a0d3422b)

14 years agoDon't load options roms intended to be loaded by the bios in qemu
Avi Kivity [Tue, 22 Dec 2009 09:57:02 +0000 (11:57 +0200)]
Don't load options roms intended to be loaded by the bios in qemu

The first such option rom will load at address 0, which isn't very nice,
and the second will report a conflict and abort, which is horrible.

Signed-off-by: Avi Kivity <avi@redhat.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit e405a2ba91b68817cae2a428de55fe9616a4cf37)

14 years agoUSB: Improve usbdevice error messages
Scott Tsai [Tue, 22 Dec 2009 20:30:18 +0000 (04:30 +0800)]
USB: Improve usbdevice error messages

When a non-existent USB device is specified on the command line,
print "qemu: could not add USB device 'X'".
Likewise for the usb_{add,del} monitor commands.

Signed-off-by: Scott Tsai <scottt.tw@gmail.com>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 59d1c1c2d774cccb0a88ff73501f97bea190c154)

14 years agocpu-all.h: fix cpu_get_real_ticks() #ifdef
Aurelien Jarno [Sun, 20 Dec 2009 20:18:57 +0000 (21:18 +0100)]
cpu-all.h: fix cpu_get_real_ticks() #ifdef

Reported-by: Hervé Poussineau <hpoussin@reactos.org>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 9706c06d9c93b6d94785b6b14565b61ddae95a04)

14 years agoalpha: fix compile
Blue Swirl [Sun, 20 Dec 2009 10:27:44 +0000 (10:27 +0000)]
alpha: fix compile

Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
14 years agouser_only: compile everything with -fpie
Kirill A. Shutemov [Sat, 19 Dec 2009 15:16:08 +0000 (15:16 +0000)]
user_only: compile everything with -fpie

We really need to compile _all_ sources for user target with -fpie when
using --enable-user-pie.

It's a regression introduced by commit add16157d72454.

Signed-off-by: Kirill A. Shutemov <kirill@shutemov.name>
Cc: Blue Swirl <blauwirbel@gmail.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
[blauwirbel@gmail.com: combined 299060a0 and 58faa1a6 to avoid breakage]
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
14 years agofdc/sparc32: don't hang on detection under OBP
Artyom Tarasenko [Sun, 13 Dec 2009 13:30:44 +0000 (13:30 +0000)]
fdc/sparc32: don't hang on detection under OBP

Stepping through the SS-5's OBP initialization routines
it looks like reading fdc main status register should
clear the fd interrupt.
The patch doesn't fix problems with fdc on sparc platform,
it only fixes fdc detection.

Signed-off-by: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
14 years agoscsi-disk: Inquiry with allocation length of CDB < 36 (v4)
Artyom Tarasenko [Sun, 13 Dec 2009 10:32:36 +0000 (11:32 +0100)]
scsi-disk: Inquiry with allocation length of CDB < 36 (v4)

According to the SCSI-2 specification,
http://ldkelley.com/SCSI2/SCSI2/SCSI2/SCSI2-08.html#8.2.5 ,
"if the allocation length of the command descriptor block (CDB) is too
small to transfer all of the parameters, the additional length shall
not be adjusted to reflect the truncation."
The 36 mandatory bytes of response are written to outbuf, and then
only the length requested in CDB is transferred.

Signed-off-by: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
14 years agoUpdate version and changelog for 0.12.1 v0.12.1
Anthony Liguori [Sun, 20 Dec 2009 01:31:18 +0000 (19:31 -0600)]
Update version and changelog for 0.12.1

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
14 years agoMultiboot support: Fix rom_copy
Kevin Wolf [Sat, 19 Dec 2009 20:15:20 +0000 (21:15 +0100)]
Multiboot support: Fix rom_copy

ROMs need to be loaded if they are anywhere in the requested area, not
only at the very beginning. This fixes Multiboot with ELF kernels that
have more than one program header.

Signed-off-by: Kevin Wolf <mail@kevin-wolf.de>
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit 935effc2bbd2c441b755a8d280811a9763fdb98c)

14 years agoroms: allow roms to be loaded at address 0
Aurelien Jarno [Sat, 19 Dec 2009 18:14:16 +0000 (19:14 +0100)]
roms: allow roms to be loaded at address 0

It was possible to load roms at address 0, but commit
632cf034b401cdd01dae253a8b577fe518e37654 started to forbid that, which
broke at least ARM versatile.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
(cherry picked from commit f9e69bd9cfe2247b1fb5dc56d3a28baf36ce8384)

14 years agoUpdate for 0.12.0 release v0.12.0
Anthony Liguori [Sat, 19 Dec 2009 14:23:00 +0000 (08:23 -0600)]
Update for 0.12.0 release

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
14 years agoUpdate to SeaBIOS 0.5.0
Anthony Liguori [Sat, 19 Dec 2009 03:26:15 +0000 (21:26 -0600)]
Update to SeaBIOS 0.5.0

The only change is updating the makefile but that way we're carrying an official
release.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit eac1bb74be4d95616b8a6217e020b1b0d6918608)

14 years agoRevert "monitor: Convert do_migrate_set_speed() to QObject"
Anthony Liguori [Fri, 18 Dec 2009 20:51:49 +0000 (14:51 -0600)]
Revert "monitor: Convert do_migrate_set_speed() to QObject"

This reverts commit 3a4921047d514c336531c304bec362c4d138ebcc.

From Luiz:

  do_migrate_set_speed() accepts a suffix for the 'value' argument and this is
  not good for QMP.  We will have to add a new argument type to handle that and
  this will have to wait for 0.13.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 46ee2295678af629a2869e4e331e4e002bcc31fd)

14 years agoe1000: Don't muck with PCI command register
Anthony Liguori [Fri, 18 Dec 2009 19:58:56 +0000 (13:58 -0600)]
e1000: Don't muck with PCI command register

Otherwise, the driver does not work in Linux after the INT_DISABLE changes in
PCI.

Michael Tsirkin had a patch to do this, I'm not sure what happened to it.

Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 17a7a5c59c4d72dd1d5666f348b010be6b10163c)

14 years agomonitor: do_balloon(): Use 'M' argument type
Luiz Capitulino [Fri, 18 Dec 2009 15:25:05 +0000 (13:25 -0200)]
monitor: do_balloon(): Use 'M' argument type

This makes do_balloon() accept megabyte values from the user
Monitor while accepting byte values for QMP.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 056001ab30b1e596b992e70f9cb2adacef9c0ad0)

14 years agomonitor: Introduce 'M' argument type
Luiz Capitulino [Fri, 18 Dec 2009 15:25:04 +0000 (13:25 -0200)]
monitor: Introduce 'M' argument type

This is a target long value in megabytes which should be
converted to bytes.

It will be used by handlers which accept a megabyte value
when in "user mode".

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 7cfe34fe4e3b518485c15aa9a78b4cf9cbd11a4d)

14 years agoQMP: Update spec file
Luiz Capitulino [Fri, 18 Dec 2009 15:25:03 +0000 (13:25 -0200)]
QMP: Update spec file

- Remove "draft" status
- Change default success response to be json-object
- Change error and event data member to be a json-object
- Update examples
- Add new section "Compatibility Considerations"
- Other fixes and clarifications

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 58341bcd112cf11c6266cabe36921572fa4b019d)

14 years agoQMP: Update README file
Luiz Capitulino [Fri, 18 Dec 2009 15:25:02 +0000 (13:25 -0200)]
QMP: Update README file

- Fix output description
- Fix command-line usage notes
- Minor improvements

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit d683cfb1a94aa61ace4ce7ce824f1e087b37b851)

14 years agoQMP: Assure that returned data is a QDict
Luiz Capitulino [Fri, 18 Dec 2009 15:25:01 +0000 (13:25 -0200)]
QMP: Assure that returned data is a QDict

This is for debug purposes only.

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit 19863875a2e18fc868a7b830f16fa76d32518bd1)

14 years agoQMP: Return an empty dict by default
Luiz Capitulino [Fri, 18 Dec 2009 15:25:00 +0000 (13:25 -0200)]
QMP: Return an empty dict by default

Currently, when a regular command doesn't have any data to output,
QMP will emit:

{ "return": "OK" }

Returning an empty dict is better though, because dicts can support
some protocol changes in a compatible way.

So, with this commit we will return:

{ "return": {} }

Signed-off-by: Luiz Capitulino <lcapitulino@redhat.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
(cherry picked from commit e38fb11b5099db8de8d60d536d4a01610ee4c08b)